Hello,
I currently have some Windows Servers with the Universal Forwarder installed that are sending data to our indexer. I am now in a situation where I need to have the forwarder also send the data to a third party server. According to the documentation, the following in outputs.conf should send all data;
[tcpout]
[tcpout:fastlane]
server = 10.1.1.2:1517
sendCookedData = false
However, I have the third party server getting data but only is receiving "INFO" type logs which appear to be transaction type information from the splunk forwarder program itself and not the actual log data (windows events iis etc.) that I am sending into splunk that I need.
Am I missing something or will the universal forwarder not send that data?
Thanks
... View more